Digital Quality Systems, AI, and the Future of Quality Oversight

As pharmaceutical development and manufacturing become more complex, organizations are under increasing pressure to maintain execution consistency, strengthen risk identification, and manage quality across distributed operations. Digital quality systems and AI are changing how those challenges are addressed, improving visibility across the lifecycle and changing how organizations approach decision-making, governance, and operational oversight. In an interview with Chander Badwal, Senior Director, Head of Digital Quality, Thermo Fisher Scientific Pharma Services, the discussion explores how connected quality environments are evolving within regulated Good Practice (GxP) settings and what organizations need to consider as AI capabilities continue to mature.

Contract Pharma: Digital systems are well established across the industry. As development becomes more complex and distributed, what separates organizations that sustain quality performance—and how does digital maturity factor into that differentiation?

Chander Badwal: What separates organizations today is not whether they have digital quality systems. Most do. The real difference is whether those systems continue to perform consistently as complexity increases.

As development expands across modalities, sites, suppliers, and timelines, variability becomes harder to manage. That variability affects tech transfer, execution consistency, timelines, and ultimately supply reliability.

Digital quality systems have changed what organizations can do operationally. They create more structured workflows, stronger traceability, and better visibility across programs and sites. They also make it easier to identify issues earlier instead of discovering them downstream during deviation review, inspection preparation, or release activities.

Just as important, they help reinforce data integrity in day-to-day execution rather than relying heavily on retrospective review.

But technology alone is not enough. The organizations that perform well over time are the ones where quality expectations are embedded into how work actually gets done. Regulatory intent, decision-making discipline, and execution consistency have to carry through daily operations, especially under pressure.

The strongest organizations bring digital capability, governance, and operational discipline together. That combination helps maintain rigor at scale, supports more predictable execution, and reduces the kinds of late-stage disruptions that become difficult to recover from.

Contract Pharma: How do digital quality systems change what is possible in terms of risk identification and decision-making across the development lifecycle?

Chander Badwal: Digital quality systems expand both the visibility and timing of quality insight.

By connecting data, workflows, and controls across development, manufacturing, and supply, they create a more complete picture of how a program is performing. Issues that may once have surfaced late in the process can now often be identified earlier, while there is still an opportunity to act on them.

That allows organizations to identify and address issues earlier instead of reacting after problems have already surfaced.

In a CDMO environment, that can mean fewer surprises during tech transfer, more stable scale-up activities, and more consistent execution across sites and stages.

Digital systems also support more standardized decision-making. Instead of relying heavily on individual interpretation, decisions are made within more consistent workflows and documented processes.

Another important benefit is continuity. Decisions, rationale, and supporting data stay connected as programs move between teams, sites, and lifecycle stages. That reduces the need to reinterpret information or rebuild context later.

Ultimately, the value is not simply having more data. It is having data that can be applied earlier, more consistently, and with better operational context.

Contract Pharma: As organizations build more connected, data-rich quality environments, where does AI begin to extend those capabilities—and what does it change?

Chander Badwal: AI builds on the foundation that digital quality systems create.

Once data becomes more structured and connected, AI can help identify patterns, trends, and emerging risks that would be difficult to detect consistently through manual review alone, particularly at scale.

That has the potential to strengthen predictive quality and support earlier identification of variability.

At the same time, AI changes how organizations think about decision support.

Traditional systems generally operate within defined rules and expected outputs. AI systems, particularly probabilistic or generative models, behave differently. Outputs may be useful and contextually relevant, but they are not always directly verifiable in the same way.

That creates both opportunity and risk.

AI can improve consistency and extend analytical capability, but it can also introduce new variability if outputs are accepted too quickly or applied outside the context they were designed for.

One common mistake is layering AI onto existing processes without reconsidering whether those processes were designed for AI-supported execution in the first place. In complex, multi-site operations, that disconnect can create problems during transfer, review, release, or broader execution activities.

As AI capabilities mature, organizations will increasingly need to evolve process design, oversight, and governance alongside the technology itself.

Contract Pharma: What new risks does AI introduce into quality processes, and why can’t existing digital controls simply be extended to manage them?

Chander Badwal: AI introduces a different type of risk because it changes how outputs are generated and evaluated.

Traditional digital systems operate within predefined logic. Outputs can generally be checked against known expectations. Generative and probabilistic AI systems do not work the same way. Outputs may appear credible and well reasoned, but they are not always directly verifiable at the individual instance level.

That shifts the nature of review. Instead of verifying against a known answer, reviewers are often assessing whether an output seems reasonable within context.

This creates several new risks.

Hallucinations are the most obvious example, where an AI system produces information that sounds convincing but is incorrect. There is also automation bias, where people begin to trust AI-supported outputs too readily. Over time, organizations can also experience reliance drift, where independent analysis gradually weakens because teams become accustomed to deferring to AI-generated recommendations.

In large-scale CDMO operations, even small errors can propagate across programs, sites, or batches if they are not identified early.

The FDA’s 2026 warning letter to Purolea Cosmetics Lab brought attention to this issue by specifically citing inadequate oversight of AI-generated outputs within CGMP operations.

That is why traditional controls are not always sufficient. Review only works when errors can realistically be identified before they affect a GxP outcome.

Managing AI-related risk requires controls that are specifically designed around how these systems operate, including how outputs are generated, reviewed, monitored, and escalated when needed.

Done correctly, AI can strengthen the quality system. Done poorly, it can introduce additional variability into already complex operations.

Contract Pharma: What does meaningful AI governance look like in a GxP-regulated environment, and how does it align with established quality principles?

Chander Badwal: Meaningful AI governance starts with a simple principle: just because AI is available does not mean it is appropriate for GxP use.

The key question is intended use. Is the AI system informing, influencing, or supporting a GxP decision or record? From there, governance should follow a risk-based approach, with controls scaled appropriately to potential impact.

One of the most important considerations is detectability. If an error can be identified and corrected before it affects a GxP outcome, human review may function as an effective control. If detectability is limited, organizations need stronger upstream and downstream safeguards.

That often means combining multiple layers of control. Prevent issues where possible, detect them when prevention fails, and establish recovery mechanisms where detection alone is insufficient.

AI governance also reinforces core data integrity expectations. A reviewer’s approval may satisfy accountability requirements, but it does not automatically establish that outputs are accurate, complete, or consistent if those outputs cannot be independently assessed.

Responsibility has to be paired with the ability to evaluate correctness.

In a CDMO environment, governance also needs to function consistently across sites, programs, and clients. At Thermo Fisher Scientific Pharma Services, that has shaped an approach where AI governance is integrated into the broader quality system rather than managed separately. Risk assessment, validation expectations, and operational oversight are aligned to the level of impact and complexity involved.

Well-designed governance should not slow adoption. It should enable organizations to scale AI responsibly and with confidence.

Contract Pharma: As AI capabilities continue to evolve, what will differentiate organizations that successfully scale both innovation and quality performance?

Chander Badwal: At scale, quality ultimately shows up in outcomes. Consistent execution, reliable supply, stable inspections, and fewer operational disruptions are what matter.

AI will increasingly influence how organizations achieve those outcomes, but it will not fundamentally change what defines strong performance.

General-purpose AI tools are becoming widely accessible. The differentiator is not access to the technology itself. It is how organizations integrate AI into controlled processes and how effectively they apply it using reliable, high-integrity data.

The industry is also moving gradually from augmented intelligence, where humans remain deeply involved in decisions, toward more agentic systems that operate with increasing autonomy.

That shift raises the stakes significantly.

Autonomous actions tied to validated records, release decisions, shipments, or regulatory reporting can create consequences that are not easily reversible. That is part of the reason regulators remain cautious around fully autonomous AI applications in GMP environments.

The organizations that succeed will be the ones that scale governance alongside capability.

Oversight cannot depend entirely on downstream review. Organizations will need clearly defined operating boundaries, continuous monitoring, escalation thresholds, and disciplined intervention models before autonomy expands further.

At Thermo Fisher, this has led to a phased governance approach focused first on stabilizing foundational controls, then standardizing execution, and finally scaling capabilities as organizational maturity increases.

When innovation and governance mature together, AI becomes an extension of operational discipline rather than a separate source of risk.